XSS in Action View
CVE-2020-15169

5.4MEDIUM

Key Information:

Vendor: Rails
Status: Actionview
Vendor: CVE Published:; 11 September 2020

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-15169?

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.

Affected Version(s)

actionview < 5.2.4.4 < 5.2.4.4

actionview >= 6.0.0.0, < 6.0.3.3 < 6.0.0.0, 6.0.3.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-15169
Created by glasses618

References

https://github.com/rails/rails/security/advisories/GHSA-c...

x_refsource_CONFIRM

https://www.debian.org/security/2020/dsa-4766

vendor-advisoryx_refsource_DEBIAN

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 8, 2020
👾
Exploit known to exist
Oct 8, 2020
Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Jun 25, 2020

Rails